What are common pitfalls when working with PHP and MySQL databases?

One common pitfall when working with PHP and MySQL databases is building SQL strings directly from unsanitized user input, which leaves your application vulnerable to SQL injection attacks. To prevent this, always use prepared statements or parameterized queries when interacting with the database, so that the SQL text is fixed before any user-supplied value is attached to it.

// Example of using prepared statements to prevent SQL injection
$pdo = new PDO('mysql:host=localhost;dbname=app', $dbUser, $dbPass); // connection details are placeholders
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);       // fail loudly instead of silently
$username = $_POST['username'] ?? '';   // untrusted input is bound as a value, never concatenated into the SQL
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = :username");
$stmt->bindParam(':username', $username);
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
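The following is an added, runnable example (not code from the original answer) that puts the string-concatenation pattern the answer warns about next to the prepared-statement fix, and goes one step further than the text: it shows that placeholders bind values only, so a column name used in ORDER BY has to be checked against an allow-list instead. It runs offline against an in-memory SQLite database through PDO, which assumes the pdo_sqlite extension is available; the users table, its rows and the sample inputs are constructed for illustration, and the same PDO calls apply unchanged to a MySQL DSN.

```php
<?php
// Added example, not part of the original answer. Uses an in-memory SQLite
// database so it runs without a server; the schema, rows and inputs below are
// constructed for illustration.
declare(strict_types=1);

function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Throw on errors instead of failing silently, and let the database engine
    // itself keep SQL text and bound values apart rather than emulating it.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);

    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, email TEXT NOT NULL)');
    $pdo->exec("INSERT INTO users (username, email) VALUES ('alice', 'alice@example.com'), ('bob', 'bob@example.com')");
    return $pdo;
}

// BEFORE: user input is spliced into the SQL string. Any quote character in
// $username is read as SQL syntax, so the statement's meaning depends on what
// the client sent.
function findUserUnsafe(PDO $pdo, string $username): array
{
    $sql = "SELECT id, username, email FROM users WHERE username = '$username'";
    return $pdo->query($sql)->fetchAll();
}

// AFTER: the SQL text is fixed at prepare time and the value travels
// separately, so it can only be compared as data, never parsed as syntax.
function findUserSafe(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT id, username, email FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll();
}

// Placeholders cannot stand in for identifiers. A caller-chosen sort column
// therefore has to be matched against a fixed allow-list before it is placed
// into the query text.
function listUsersSorted(PDO $pdo, string $sortColumn): array
{
    $allowed = ['id', 'username', 'email'];
    if (!in_array($sortColumn, $allowed, true)) {
        throw new InvalidArgumentException("Unsupported sort column: $sortColumn");
    }
    return $pdo->query("SELECT id, username, email FROM users ORDER BY $sortColumn")->fetchAll();
}

$pdo = connect();

// Constructed input: a legitimate name that happens to contain an apostrophe.
$input = "O'Brien";

try {
    findUserUnsafe($pdo, $input);
} catch (PDOException $e) {
    // The concatenated version cannot even cope with an ordinary apostrophe;
    // the quote terminates the string literal and the statement fails. Input
    // shaped deliberately would instead alter what the query does.
    echo 'Unsafe query failed on a legitimate name: ' . $e->getMessage() . PHP_EOL;
}

var_dump(findUserSafe($pdo, $input));    // the apostrophe is just data here
var_dump(findUserSafe($pdo, 'alice'));
var_dump(listUsersSorted($pdo, 'email'));

try {
    listUsersSorted($pdo, 'email; DROP TABLE users');
} catch (InvalidArgumentException $e) {
    echo 'Rejected sort column: ' . $e->getMessage() . PHP_EOL;
}
```

Setting PDO::ATTR_EMULATE_PREPARES to false matters on MySQL as well: with emulation on, the PHP driver quotes values client-side and sends a single string, whereas with it off the server receives the statement and its parameters as separate messages, which is the property the answer relies on.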